E2E FormsLast updated: February 28, 2026
E2E Forms is built on the principle of privacy by design. We collect the minimum amount of data necessary to operate the Service and have architected our encryption system so that we cannot access your protected content.
Account data: When you create an account, we collect your email address, name, and a hashed password. Passwords are hashed using bcrypt and are never stored in plaintext.
Form submissions (non-encrypted): If E2E encryption is not enabled on a form, submission data is stored in plaintext in our database, accessible to the form owner.
Form submissions (E2E encrypted): When E2E encryption is enabled, submissions are encrypted in the respondent's browser using AES-256-GCM before transmission. We store only the ciphertext. We cannot decrypt this data. Your encryption passphrase never leaves your browser.
Technical data: We process standard HTTP request information (user agent, referrer) for security and anti-abuse purposes. See Section 4 regarding IP addresses.
We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not display ads in the Service.
By default, E2E Forms does not persistently log or track IP addresses of form respondents. Temporary IP data may be processed in memory for rate limiting and anti-abuse (e.g., blocking repeated submission attempts) but is not stored long-term.
If we receive a valid court order or other binding legal process compelling us to enable IP logging, we may be required to do so. In such cases, affected account holders will be notified via email within 30 days of the legal request, unless notification is prohibited by the legal order itself.
For additional anonymity, we recommend using a VPN service. We suggest ProtonVPN for its strong privacy track record.
We employ multiple layers of encryption:
If you enable AI grading on a form, submission content for that form is sent to third-party AI providers (such as Anthropic or OpenAI) for processing. This applies only to non-encrypted submissions — E2E encrypted submissions cannot be processed by AI because the server cannot read them. AI grading is opt-in and disabled by default.
We do not use analytics trackers, advertising pixels, or social media widgets in the Service.
Account data is retained while your account is active. Form submissions are retained until you delete them or your account is terminated. Upon account deletion, all associated data is removed within 30 days. Encrypted data is permanently unrecoverable once deleted, as we do not hold decryption keys.
Depending on your jurisdiction, you may have rights including:
To exercise these rights, contact us through the Contact link on our website. We will respond within 30 days.
In the event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by applicable law. Note that E2E encrypted submissions remain protected even in the event of a database breach, as they cannot be decrypted without your passphrase.
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice in the Service. Continued use after changes constitutes acceptance.
For privacy-related inquiries, contact us at the email address in your account settings or through the Contact link on our website.